CyberSec.Space Logo
Back to CVE Browser

CVE-2020-2500

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1150%
EPSS Percentile2.31th
PublishedJul 1, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions.

Affected Platforms (CPE)

📦
Qnap

Helpdesk

< 3.0.1

References & Advisories

🔗 https://www.qnap.com/zh-tw/security-advisory/qsa-20-03
🔗 https://www.qnap.com/zh-tw/security-advisory/qsa-20-03

Related Vulnerabilities

CVE-2003-030410.0

one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the inst...

CVE-2020-149429.8

Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.

CVE-2020-126849.8

XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML in...

CVE-2020-25079.8

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could a...